Source

whatpylonsproject / pylonssecuredapp / controllers / root.py

Full commit
import logging

from pylons import request, response, url, session, tmpl_context as c
from pylons.controllers.util import abort, redirect
from pylons.i18n import lazy_ugettext as l_
from routes.util import url_for

from pylonssecuredapp.lib.base import BaseController, render
from pylonssecuredapp.lib.helpers import flash
from pylonssecuredapp.lib.auth import protect_action

from repoze.what.predicates import is_user, has_permission

log = logging.getLogger(__name__)


class RootController(BaseController):

    def index(self):
        c.title = 'Welcome to a Repoze secured application!'
        c.content = 'This is the main page'
        return render('index.mako')

    def login(self):
        login_counter = request.environ['repoze.who.logins']
        if login_counter > 0:
            flash('Wrong credentials')
        c.login_counter = unicode(login_counter)
        c.came_from = request.params.get('came_from') or url('/')
        return render('login.mako')
    
    def post_login(self):
        identity = request.environ.get('repoze.who.identity')
        came_from = str(request.params.get('came_from', '')) or url('/')
        if not identity:
            login_counter = request.environ['repoze.who.logins'] + 1
            redirect(url('/login', came_from=came_from,
                                __logins=login_counter))
        userid = identity['repoze.who.userid']
        flash('Welcome back, %s!' % userid)
        redirect(url(came_from))

    def post_logout(self):
        flash('We hope to see you soon!')
        came_from = str(request.params.get('came_from', '')) or url('/')
        redirect(url(came_from))
    
    @protect_action(is_user('gustavo'))
    def only_for_gustavo(self):
        c.title = 'Private page for Gustavo'
        c.content = 'This is a sample private page'
        return render('index.mako')
    
    @protect_action(is_user('foo', msg=l_("Only for an user with a stupid name")))
    def only_for_foo(self):
        c.title = 'Private page for foo'
        c.content = 'Protected page featuring a custom predicate message ' \
                    'which is translated lazily.'
        return render('index.mako')
    
    @protect_action(has_permission('administrate'))
    def do_something_important(self):
        c.title = 'This is pretty important'
        c.content = 'This is a sample page using the "has_permission" predicate'
        return render('index.mako')